I am researching GnuPG for my employer. We will stick with the old release 
series 2.2 at first, because few Linux distributions package 2.3 or 2.4 yet. 
However, I'm studying newer versions and recent developments to ease our future 
upgrades. In doing so, a question has arisen: should background services like 
the agent not be managed with systemd?

Daniel Kahn Gillmor [introduced][1] and maintained systemd unit files and also 
implemented `--supervised` for the [agent][2] and [dirmngr][3] as part of 
version 2.1.16. However, `--supervised` has been [deprecated][4] since version 
2.3.6 and Werner recently [removed the systemd unit files][5] altogether. In 
fact, he commented the following on [task T6336][6] about two months ago:

> Actually, the entire systemd based launching is deprecated and thus the 
> logged warning [about `--supervised`] is on purpose.
> 
> The problem with the systemd launched gpg-agent is that it creates a race: 
> gpg launches gpg-agent as needed and to avoid concurrent launching by other 
> gpg or gpgsm processes, it takes a file system lock during the launch 
> process. systemd does not know about this and we sometimes end up with 
> two gpg-agent processes. Eventually one of those processes detects that 
> it does not own the socket and terminates itself. No real harm here but you 
> may see smart card lockups or a flushed password cache.

For what it's worth, the systemd setup (as packaged with series 2.2) works very 
well for me. In particular:

 - background services are managed through a common interface (that of systemd);
 - logs are centralized; and
 - the agent starts whenever OpenSSH needs it, thanks to socket activation.

I have experienced only one limitation: there is no convenient way for systemd 
to manage background processes for [ephemeral home directories][7], which I 
have been using extensively for my research & testing.


[1]: https://dev.gnupg.org/rG57e95f5413e21cfcb957af2346b292686a5647b7
[2]: https://dev.gnupg.org/rG9f92b62a51d2d60f038fdbe01602865c5933fa95
[3]: https://dev.gnupg.org/rG75f8aaf5bc2dc7fcffe2987a572d489155c91eb9
[4]: https://dev.gnupg.org/rGca5d5142c6d6eaba4572a086f8473e4aebdd3f9e
[5]: https://dev.gnupg.org/rGeae28f1bd4a5632e8f8e85b7248d1c4d4a10a5ed
[6]: https://dev.gnupg.org/T6336
[7]: https://www.gnupg.org/documentation/manuals/gnupg/Ephemeral-home-directories.html

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
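As an added example (not part of the original message and not GnuPG's own code), a POSIX shell script that checks for the symptom Werner describes in the quoted comment: a systemd-supervised gpg-agent and a gpg-launched gpg-agent alive at the same time. It classifies agents by the `--supervised` and `--daemon` flags in their command lines; the process listing and PIDs used by default are constructed, and the `--live` mode assumes `ps`, and optionally `gpgconf`, are installed.

```shell
#!/bin/sh
# Added example (not GnuPG's own code): detect the "two gpg-agent" race from
# the quoted task comment.  A listing is one "PID ARGS" line per process, as
# printed by:  ps -u "$(id -un)" -o pid=,args=

# classify_agents: stdin = listing; prints "<pid> <launcher>" per gpg-agent.
#   --supervised -> started by systemd socket activation
#   --daemon     -> started on demand by gpg/gpgsm (under its file lock)
classify_agents() {
    while read -r pid args; do
        case "$args" in
            *gpg-agent*--supervised*) echo "$pid systemd" ;;
            *gpg-agent*--daemon*)     echo "$pid gpg" ;;
            *gpg-agent*)              echo "$pid unknown" ;;
        esac
    done
}

# race_state: stdin = listing; prints none | ok | conflict | duplicate.
#   conflict  = a systemd-supervised and a gpg-launched agent coexist; one of
#               them will later notice it does not own the socket and exit,
#               which is when a smart-card lockup or flushed cache shows up.
#   duplicate = several agents, but all from the same launcher.
race_state() {
    classify_agents | {
        n=0 sd=0 gp=0
        while read -r pid kind; do
            n=$((n + 1))
            case "$kind" in systemd) sd=1 ;; gpg) gp=1 ;; esac
        done
        if [ "$n" -eq 0 ]; then echo none
        elif [ "$sd" -eq 1 ] && [ "$gp" -eq 1 ]; then echo conflict
        elif [ "$n" -gt 1 ]; then echo duplicate
        else echo ok
        fi
    }
}

# Constructed sample listing (hypothetical PIDs) showing the race.
SAMPLE='1234 /usr/bin/gpg-agent --supervised
1250 gpg-agent --homedir /home/alice/.gnupg --use-standard-socket --daemon
1300 /usr/bin/ssh-agent'

# Run with --live to inspect this host instead of the sample.
if [ "${1:-}" = --live ]; then
    command -v gpgconf >/dev/null 2>&1 && echo "socket: $(gpgconf --list-dirs agent-socket)"
    LISTING=$(ps -u "$(id -un)" -o pid=,args=)
else
    LISTING=$SAMPLE
fi
printf '%s\n' "$LISTING" | classify_agents
printf 'state: %s\n' "$(printf '%s\n' "$LISTING" | race_state)"
```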
